diff options
| author |   Aric Gardner <agardner@linuxfoundation.org> | 2016-07-04 15:20:39 -0400 |
|---|---|---|
| committer | Aric Gardner <agardner@linuxfoundation.org> | 2016-07-05 15:42:22 -0400 |
| commit | d688859a6e5abfacb5069272994bdce2ad0e9f66 (patch) | |
| tree | a7ec7afa277c903e36a14fc85d778458db631348 /jjb/apex | |
| parent | 6e5fc37495ddbf9dd6ac19efe4e8fbd0aa474dfe (diff) | |
This will enable artifact signing for apex uploads
sources gpg_import_key.sh which:
-installs gpg2
-imports key
-grabs proper key based on $NODE_NAME
only tries to sign if the key is correctly imported
otherwise it will skip signing and just do the upload
Keys have only been created for lf intel and ericsson labs
Keys are only unique per company
Master pubkey has not been sent to the key server
Or brought into the web of trust.
Lets see that this works as I expected rather than
having to go through the pain of revoking these keys.
Change-Id: Ifa4bc4e11407c53f8174f6c64945949bf66d6535
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Diffstat (limited to 'jjb/apex')
| -rwxr-xr-x | jjb/apex/apex-upload-artifact.sh | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/jjb/apex/apex-upload-artifact.sh b/jjb/apex/apex-upload-artifact.sh index 0598f5615..ba69f3eb6 100755 --- a/jjb/apex/apex-upload-artifact.sh +++ b/jjb/apex/apex-upload-artifact.sh @@ -11,6 +11,32 @@ echo # source the opnfv.properties to get ARTIFACT_VERSION source $WORKSPACE/opnfv.properties +#this is where we import the siging key +source $WORKSPACE/releng/utils/gpg_import_key.sh + +signrpm () { +for artifact in $RPM_LIST $SRPM_LIST; do + echo "Signing artifact: ${artifact}" + gpg2 -vvv --batch \ + --default-key opnfv-helpdesk@rt.linuxfoundation.org \ + --passphrase besteffort \ + --detach-sig $artifact + gsutil cp "$artifact".sig gs://$GS_URL/$(basename "$artifact".sig) + echo "Upload complete for ${artifact} signature" +done +} + +signiso () { +time gpg2 -vvv --batch \ + --default-key opnfv-helpdesk@rt.linuxfoundation.org \ + --passphrase notreallysecure \ + --detach-sig $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso + +gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso.sig gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso.sig +echo "ISO signature Upload Complete!" +} + +uploadiso () { # upload artifact and additional files to google storage gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso > gsutil.iso.log echo "ISO Upload Complete!" @@ -26,7 +52,10 @@ VERSION_EXTENSION=$(echo $(basename $OPNFV_SRPM_URL) | sed 's/opnfv-apex-//') for pkg in common undercloud opendaylight-sfc onos; do SRPM_LIST+=" ${SRPM_INSTALL_PATH}/opnfv-apex-${pkg}-${VERSION_EXTENSION}" done +} +uploadrpm () { +#This is where we upload the rpms for artifact in $RPM_LIST $SRPM_LIST; do echo "Uploading artifact: ${artifact}" gsutil cp $artifact gs://$GS_URL/$(basename $artifact) > gsutil.iso.log @@ -34,6 +63,18 @@ for artifact in $RPM_LIST $SRPM_LIST; do done gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.properties > gsutil.properties.log gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/latest.properties > gsutil.latest.log +} + +if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then + echo "Signing Key avaliable" + signiso + uploadiso + signrpm + uploadrpm +else + uploadiso + uploadrpm +fi echo echo "--------------------------------------------------------" |